I'm Spitting Flames - MSN/Hotmail Account Hacked

My cousin has had her MSN/Hotmail account hacked by an 'admirer' of hers. It's not the first time this has happened, he gained access to her account a few months ago - reading and sending e-mail's to the people in her contact list.
She's politely asked him not to, to which he promised he would not do it again, but he has and this time he's very much overstepped the line.

My cousin does a lot of charity work for a local cancer charity and has won many awards, and been in many publications in the UK. She uses her e-mail address as her primary contact between her and those companies she's appealing to for help.
This morning she received a number of stern replies to e-mail's she can't remember sending. It turns out that her admirer has sent abusive e-mail's to many of the people on her contact list, and has changed my cousins contact name to 'C**t Flaps'.

There's a funny side to be seen here, but not when he's specifically sent the e-mail's in the hope of damaging her reputation. Those he sent the e-mail's to include heads of national companies and government official's (the wife of the lord mayor actually called my cousin) - relationships that have taken many years to build up.

Understandably my cousin is mortally embarrassed. The first time it happened she laughed it off and simply changed her password. She's asked me how he's doing it - how has he hacked her address even when her passwords have been changed?
She's now changed her e-mail address, but wants to keep the old one due to so many people knowing it.

What I want to know is, given that I have HIS e-mail address, what can I do to him if he proceeds down this path again?

He's obviously quite tech-savvy, so I'd like him to know that he's not the only one who can mess with others' e-mail accounts.

If anybody can please PM me to say what measures can be taken, I'd be very appreciative

My cousin has had her MSN/Hotmail account hacked by an 'admirer' of hers. It's not the first time this has happened, he gained access to her account a few months ago - reading and sending e-mail's to the people in her contact list.
She's politely asked him not to, to which he promised he would not do it again, but he has and this time he's very much overstepped the line.

My cousin does a lot of charity work for a local cancer charity and has won many awards, and been in many publications in the UK. She uses her e-mail address as her primary contact between her and those companies she's appealing to for help.
This morning she received a number of stern replies to e-mail's she can't remember sending. It turns out that her admirer has sent abusive e-mail's to many of the people on her contact list, and has changed my cousins contact name to 'C**t Flaps'.

There's a funny side to be seen here, but not when he's specifically sent the e-mail's in the hope of damaging her reputation. Those he sent the e-mail's to include heads of national companies and government official's (the wife of the lord mayor actually called my cousin) - relationships that have taken many years to build up.

Understandably my cousin is mortally embarrassed. The first time it happened she laughed it off and simply changed her password. She's asked me how he's doing it - how has he hacked her address even when her passwords have been changed?
She's now changed her e-mail address, but wants to keep the old one due to so many people knowing it.

What I want to know is, given that I have HIS e-mail address, what can I do to him if he proceeds down this path again?

He's obviously quite tech-savvy, so I'd like him to know that he's not the only one who can mess with others' e-mail accounts.

If anybody can please PM me to say what measures can be taken, I'd be very appreciative

ask if the password had any numbers in it, all mine do simple word passwords can be easyly cracked, and she really needs to get a proper email account, either by getting her own domain or at least use gmail, hotmail is just too unprofessional

I tell you what you do to this guy, you knock on his door at 2 AM, when he opens the door you kick him in the nuts and smack him in the head with a golf club. You then tie him up, throw him inthe bath tub, and call twelve of your friends over to piss on him.

ask if the password had any numbers in it, all mine do simple word passwords can be easyly cracked, and she really needs to get a proper email account, either by getting her own domain or at least use gmail, hotmail is just too unprofessional

Click to expand...

Of course, social engineering might have been used to get the password.

tell her she needs to change her secret question, not just her password, she needs to make it a lot more secure by using numbers and letters (and nothing specific) and changer her secret question to something only she would know. like whats your favorite color and the answer being pickles55884 or something like that.

...She's asked me how he's doing it - how has he hacked her address even when her passwords have been changed?..

Click to expand...

I've never used Hotmail but I have hacked into someones email account in a similar fashion but with good intentions.

It was a Virginmail account and I simply clicked on Forgotton password? and found that the person had actually put the answer to "What's your mothers maiden name as their mothers maiden name". Bingo I was in.

I didn't even jnow the guy, just his name and address. but googleing that got me an entry on a geneology site where he'd left a message giving his email account and a list of three names he was interested in. One was his, one his mom's maiden name (it turned out) and I'd guess the third was his wife's maiden name.

What to do in your case? I'd go with the nuts and golf club idea or the Police.

these people not necessarily stop at hacking the e-mail. these people are out of control and can become dangerous.

the fact that he mails to the ceo's shows that he's lost it and he crossed the line.

in the moment the police can't do anything real. but when they talk to him it most likely is enough to scare him away for good. it sounds like it's an overreaction but maybe you can ask them to just call him and drop a few words. that is most likely enough.

if he continues it's later much easier to get the police to do something about it since he's on record already.

First and most obviously -- you need to talk to hotmail security.
You also need to get some complete copies of the offending mails, ncluding full headers.

Secondly: Be very sure of what's going on. There is a possibility (unable to determine from the information provided) that her email account has NOT been hacked, but that she is the victim of either an email virus or a "Joe-Job"

The fact that people she knows have received email with her return address does NOT mean that this email was actually sent from her account. Spammers commonly insert valid from: and reply-to: addresses in their spam, so that the mail gets through and any bounces or complaints go to some helpless other person. She may have just been unlucky enough to have a spammer select her address this week.

Relatedly, more and more spam is sent via virus-infected machines; these will send out to everyone on their address book, using another person in the address book as the from: and reply-to:

So if one of her contacts has her name in their addresses, plus others at other related orgs., then it is possible that some people she knows is receiving virus mail with her return address.

Now depending on the email headers, Hotmail should be able to determine whether in fact it was sent BY her account, and therefore tell if it has been hacked.

Oh, and there is no way that anybody who is running a credible organization should be using a hotmail or yahoo address (or a .biz, or a .cn or .ru). I routinely ignore mail from any free webmail based service beacuse any scammer can sign up at no cost and with no ID.

If her work is of any importance at all, she should be getting her own domain and moving all mail to that.

My cousin has had her MSN/Hotmail account hacked by an 'admirer' of hers. It's not the first time this has happened, he gained access to her account a few months ago - reading and sending e-mail's to the people in her contact list.

Click to expand...

... What this guy did is hardly a hack. It's social engineering at best, criminal mischief at worst. Either way, it's not a hack.

Quote

What I want to know is, given that I have HIS e-mail address, what can I do to him if he proceeds down this path again?

Click to expand...

Send an email to his ISP and an email to MSN's customer service division. He is in violation of many terms of service, I'm sure.

Quote

He's obviously quite tech-savvy, so I'd like him to know that he's not the only one who can mess with others' e-mail accounts.

Click to expand...

Ever heard the phrase, "Two wrongs don't make a right?" All you'll be doing is tossing a can of fresh fuel onto the fire and painting a big target on your back. I advise that you not stoop to his level of mischief.

If you want to "get even", I suggest you take the proper route and report the problem(s) to the service providers involved (his ISP, the email service, etc). He agreed to a specific set of terms when he began using their services, so I'm sure they'll be glad to know that he's potentially in violation of one or more terms and, thus, in a breach of contract.

His consequences will range between a written warning and a complete termination of service. I doubt you'll get any criminal charges, but you may be able to file civil charges for slander and/or defamation of character.

Something I should have stated in my original post was that my cousin, and I would presume the 'admirer', are aged only 17 and go to the same school.

This may go some way to explaining the immaturity of it all, and on the flip side show that it's not quite as dangerous as it may have first sounded, and is also why she doesn't have her own domain and instead uses a Hotmail account.

As it is she's already signed up for a G-Mail account and is now going to use this as her primary address.

Given he's only a school kid I feel contacting the police may be a little OTT. If, however, he's stupid enough to do it again I feel this may be the only option.

I've copied all of the information in this thread, and also that given in the PM's I've been sent, and I'm going to e-mail her (G-Mail account! ). It's then up to her what she does.

As it is she's already signed up for a G-Mail account and is now going to use this as her primary address.

Click to expand...

cool, i was just going to say, pm me if you need an invite but looks like she's already got one. gmail rocks! (although, at the end of the day if your password or security question is guess-able it doesn't make a difference).

one thing to remember guys - if you check gmail at an apple store, MAKE SURE you don't forget to sign out. i did that the other day and felt kinda stupid..

Just because he's 17 doesn't mean he deserves any mercy. Hell, 17 year old kids commit crimes all the time and get tried as adults. So, that being said, your best bet to teach this little b@@@@@ a lesson is to piss on him. Eat lots of aspergus before hand too.

I would go to the cops, people need to learn things fast in life and having the cops knock on his door and take his computer away to inspect it for things would be a kick in the butt, even better if they found illegal content on it and he went to jail.

MacRumors attracts a broad audience
of both consumers and professionals interested in
the latest technologies and products. We also boast an active community focused on
purchasing decisions and technical aspects of the iPhone, iPod, iPad, and Mac platforms.